Dato che ultimamente sono tornato a "giochicchiare" (stavolta con successo) con openvpn per creare una connessione bridged, ho pensato di rendere disponibile alla comunità lo script che mi sono preparato per lanciare/fermare il demone.
Eccone le caratteristiche:
- È pensato per avviare / fermare solo una connessione bridged (lato server). Niente connessioni routed (per ora).
- È necessario configurare, secondo le proprie esigenze, alcune variabili nella prima parte del file perché funzioni.
- Ho cercato di scrivere tutti i commenti in inglese, in modo da rendere lo script utilizzabile anche dagli eventuali utenti non italiani del forum.
- Alcune parti sono ridondanti/poco eleganti. Cercherò di aggiustarle prossimamente. Eventuali suggerimenti sono comunque ben accetti.
- Dato che sulla mia configurazione l'avvio/arresto del bridge di rete mi faceva saltare la configurazione di rete, ho inserito un workaround (tramite la variabile NEED_RECONF) che ripristina la configurazione di rete (soprattutto il default gateway) alla situazione precedente. È una soluzione che piace poco anche a me...
Come detto sopra, si accettano consigli.
Versione corrente: 1.02
Bon, penso di aver detto tutto.
Eccovi il listato:
#!/bin/bash
# Script able to start/stop a configured OpenVPN daemon in bridged mode.
# Brought to you by 414n.
# Version 1.0
# Global vars:
# This is the path to the start/stop bridge scripts that come with OpenVPN.
# The default path is /usr/doc/openvpnx.y/sample-scripts
# You must edit these scripts before launching OpenVPN.
# This variable cannot be left empty.
# --- Settings: adjust these to your installation before first use ---

# Directory holding the bridge-start / bridge-stop helper scripts shipped
# with OpenVPN (sample-scripts under /usr/doc/openvpn-x.y). Those scripts
# must be edited for your interface before this one is run. Never empty.
BRIDGE_SCRIPTS_PATH=/etc/openvpn
# File names of the two helper scripts inside BRIDGE_SCRIPTS_PATH.
BRIDGE_START_CMD=bridge-start
BRIDGE_STOP_CMD=bridge-stop

# Full path of the openvpn binary; leave empty to look it up in PATH.
OPENVPN_PATH=
# Configuration file to use; empty means /etc/openvpn/openvpn.conf.
OPENVPN_CFG_FILE="/etc/openvpn/openvpn-test1.conf"
# Extra command-line options handed to openvpn as they are (not validated).
OPENVPN_OPTS=

# TRUE when the physical interface and the default gateway have to be
# restored after the bridge is brought up or down (typically when the
# bridged NIC is the one with internet access). Any other value disables it.
NEED_RECONF="TRUE"
# Default gateway re-installed when NEED_RECONF is TRUE.
GATEWAY_IP="xx.yy.zz.aa"
# This function performs checks on the information you provided in this script.
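initial_checks()
{
  # Validate the settings at the top of this script before anything touches
  # the network. Each failure is reported on stderr with its own exit code
  # (1: bridge script, 2/3: openvpn binary, 3/4: configuration file).
  # The bridge-start script is executed later on, so it must be executable.
  if ! [ -x "$BRIDGE_SCRIPTS_PATH/$BRIDGE_START_CMD" ]
  then
    echo "Couldn't find $BRIDGE_START_CMD in $BRIDGE_SCRIPTS_PATH." >&2
    exit 1
  fi
  # OpenVPN executable: an explicit path is honoured as given (the original
  # code discarded it and always re-ran 'which'); only an empty value is
  # resolved through PATH. 'command -v' is a builtin whose result does not
  # depend on the output format of 'which'.
  if [ -n "$OPENVPN_PATH" ]
  then
    if ! [ -x "$OPENVPN_PATH" ]
    then
      echo "Couldn't find openvpn executable in $OPENVPN_PATH." >&2
      exit 2
    fi
  else
    OPENVPN_PATH=$(command -v openvpn)
    if [ -z "$OPENVPN_PATH" ]
    then
      echo "Couldn't find openvpn in your PATH environment variable." >&2
      exit 3
    fi
  fi
  # Configuration file: the given one must exist; when none is given fall
  # back to the conventional /etc/openvpn/openvpn.conf.
  if [ -n "$OPENVPN_CFG_FILE" ]
  then
    if ! [ -e "$OPENVPN_CFG_FILE" ]
    then
      echo "Couldn't find openvpn configuration file in $OPENVPN_CFG_FILE." >&2
      exit 3
    fi
  elif [ -e "/etc/openvpn/openvpn.conf" ]
  then
    OPENVPN_CFG_FILE="/etc/openvpn/openvpn.conf"
  else
    echo "Couldn't find /etc/openvpn/openvpn.conf. Please select a proper configuration file." >&2
    exit 4
  fi
}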
# This function reads information about the actual bridged network interface
# from the bridge-start script, in order to reconfigure it if needed.
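# Print the value of the assignment "$1=..." found in file $2, with double
# quotes stripped. Only an assignment starting at column 0 counts, and only
# the first one, so a commented-out or duplicated line cannot produce a
# second (multi-line) value.
_bridge_var ()
{
  grep "^$1=" -- "$2" | head -n 1 | cut -d= -f2- | tr -d '"'
}
getifacedata ()
{
  # Read the physical interface name, address and netmask (the eth=,
  # eth_ip= and eth_netmask= assignments) from the bridge-start script,
  # so the interface can be configured again after the bridge goes away.
  local script="$BRIDGE_SCRIPTS_PATH/$BRIDGE_START_CMD"
  IFACE=$(_bridge_var eth "$script")
  IFACE_IP=$(_bridge_var eth_ip "$script")
  IFACE_NETMASK=$(_bridge_var eth_netmask "$script")
}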
# This function retrieves the openvpn daemon PID
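getpid ()
{
  # Store in OPENVPN_PID the PID of every process whose command (argv[0],
  # column 11 of 'ps aux') is exactly $OPENVPN_PATH, one per line, or leave
  # it empty. An exact string comparison replaces the former regular
  # expression so that '.' and other metacharacters in the path cannot
  # match unrelated processes and a longer path ending in the same string
  # is not mistaken for the daemon.
  OPENVPN_PID=$(ps aux | awk -v cmd="$OPENVPN_PATH" '$11 == cmd { print $2 }')
}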
#This function reconfigures the default gateway only
reconfgateway ()
{
  # Re-install the default route through GATEWAY_IP; bringing the bridge
  # up or down drops it on some setups.
  local gw="$GATEWAY_IP"
  route add default gw "$gw"
}
# This function restores network configuration
reconfnet ()
{
  # Re-apply address and netmask to the physical interface, using the
  # values read back from the bridge-start script.
  getifacedata
  local dev="$IFACE" addr="$IFACE_IP" mask="$IFACE_NETMASK"
  ifconfig "$dev" "$addr" netmask "$mask"
}
# This function starts the daemon
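start ()
{
  # Bring the bridge up, then launch OpenVPN on it. If either step fails
  # the bridge is torn down and the network restored before exiting
  # (5: bridge failed, 9: openvpn failed).
  local bridge_start="$BRIDGE_SCRIPTS_PATH/$BRIDGE_START_CMD"
  local bridge_stop="$BRIDGE_SCRIPTS_PATH/$BRIDGE_STOP_CMD"
  if ! "$bridge_start" >/dev/null
  then
    # The original message had its quotes unbalanced around the path.
    echo "Problem starting bridge. Please review bridge settings in $bridge_start. Exiting" >&2
    "$bridge_stop"
    reconfnet
    reconfgateway
    exit 5
  fi
  sleep 1
  # OPENVPN_OPTS is deliberately unquoted: it holds several space-separated
  # options that must reach openvpn as separate arguments (quoting it, as
  # before, passed them all as one bogus argument). The config file is
  # always given with --config.
  # shellcheck disable=SC2086
  if ! "$OPENVPN_PATH" $OPENVPN_OPTS --config "$OPENVPN_CFG_FILE"
  then
    echo "Something screwed up..." >&2
    "$bridge_stop"
    reconfnet
    reconfgateway
    exit 9
  fi
  if [ "$NEED_RECONF" = "TRUE" ]
  then
    reconfgateway
  fi
}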
# This function stops the daemon
# Arguments:
# $1 : OpenVPN process PID
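stop ()
{
  # Stop the OpenVPN process(es) listed in $1 and tear the bridge down.
  # SIGTERM goes first so openvpn can run its own shutdown (down scripts,
  # tap interface removal); SIGKILL is sent only if a process is still
  # alive after a few seconds. $1 may hold several whitespace-separated
  # PIDs (one per matching process), hence the unquoted expansions.
  local pid tries
  # shellcheck disable=SC2086
  for pid in $1
  do
    kill -TERM "$pid" 2>/dev/null
  done
  # shellcheck disable=SC2086
  for pid in $1
  do
    tries=0
    while kill -0 "$pid" 2>/dev/null && [ "$tries" -lt 5 ]
    do
      sleep 1
      tries=$((tries + 1))
    done
    if kill -0 "$pid" 2>/dev/null
    then
      kill -KILL "$pid" 2>/dev/null
    fi
  done
  if ! "$BRIDGE_SCRIPTS_PATH/$BRIDGE_STOP_CMD" >/dev/null
  then
    echo "Problem stopping bridge. Please review settings in $BRIDGE_SCRIPTS_PATH/$BRIDGE_STOP_CMD. Exiting" >&2
    exit 6
  fi
  if [ "$NEED_RECONF" = "TRUE" ]
  then
    reconfnet
    reconfgateway
  fi
}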
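# Main body. Everything below loads kernel modules and reconfigures
# interfaces and routes, so it refuses to run without root privileges
# instead of failing half-way with a partially reconfigured network.
if [ "$(id -u)" -ne 0 ]
then
  echo "This script must be run as root." >&2
  exit 1
fi
initial_checks
case "$1" in
  start)
    getpid
    if [ -n "$OPENVPN_PID" ]
    then
      echo "OpenVPN is already running (PID=$OPENVPN_PID)."
      exit 7
    fi
    # Match the tun module name as a whole word at the start of the lsmod
    # line, so other modules with "tun" in their name do not count.
    if ! lsmod | grep -q '^tun '
    then
      modprobe tun
    fi
    printf 'Starting OpenVPN...'
    sleep 1
    start
    echo "Done."
    ;;
  stop)
    getpid
    if [ -z "$OPENVPN_PID" ]
    then
      echo "OpenVPN is not running."
      exit 8
    fi
    printf 'Stopping OpenVPN...'
    stop "$OPENVPN_PID"
    # Unload tun only when its "used by" count is 0. The former unquoted
    # test raised a syntax error when tun was already gone; an absent
    # module now simply skips the unload.
    tun_users=$(lsmod | awk '$1 == "tun" { print $3 }')
    if [ "${tun_users:-1}" = "0" ]
    then
      modprobe -r tun
    fi
    modprobe -r bridge
    echo "Done."
    ;;
  *)
    echo "Usage: $(basename "$0") start/stop." >&2
    exit 1
    ;;
esac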
Fatene buon uso

PS: se qualcuno conosce un metodo per far "mangiare" al bridge un'interfaccia virtuale mi faccia un fischio, please. Ho già provato con gli alias delle interfacce di rete, ma pretende un'interfaccia fisica...
UPDATE v. 1.01: aggiunto un controllo sull'opzione daemon, in modo che openvpn venga eseguito sempre come daemon.
#!/bin/bash
# Script able to start/stop a configured OpenVPN daemon in bridged mode.
# Brought to you by 414n.
# Version 1.01
# Global vars:
# This is the path to the start/stop bridge scripts that come with OpenVPN.
# The default path is /usr/doc/openvpnx.y/sample-scripts
# You must edit these scripts before launching OpenVPN.
# --- Settings: adjust these to your installation before first use ---

# Directory holding the bridge-start / bridge-stop helper scripts shipped
# with OpenVPN (sample-scripts under /usr/doc/openvpn-x.y). Those scripts
# must be edited for your interface before this one is run.
BRIDGE_SCRIPTS_PATH=/etc/openvpn
# File names of the two helper scripts inside BRIDGE_SCRIPTS_PATH.
BRIDGE_START_CMD=bridge-start
BRIDGE_STOP_CMD=bridge-stop

# Full path of the openvpn binary; leave empty to look it up in PATH.
OPENVPN_PATH=
# Configuration file to use; empty means /etc/openvpn/openvpn.conf.
OPENVPN_CFG_FILE="/etc/openvpn/openvpn-test1.conf"
# Extra command-line options handed to openvpn as they are (not validated).
OPENVPN_OPTS=

# TRUE when the physical interface and the default gateway have to be
# restored after the bridge is brought up or down (typically when the
# bridged NIC is the one with internet access). Any other value disables it.
NEED_RECONF="TRUE"
# Default gateway re-installed when NEED_RECONF is TRUE.
GATEWAY_IP="192.168.5.254"
# This function performs checks on the information you provided in this script.
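initial_checks()
{
  # Validate the settings at the top of this script before anything touches
  # the network. Each failure is reported on stderr with its own exit code
  # (1: bridge script, 2/3: openvpn binary, 3/4: configuration file).
  # The bridge-start script is executed later on, so it must be executable.
  if ! [ -x "$BRIDGE_SCRIPTS_PATH/$BRIDGE_START_CMD" ]
  then
    echo "Couldn't find $BRIDGE_START_CMD in $BRIDGE_SCRIPTS_PATH." >&2
    exit 1
  fi
  # OpenVPN executable: an explicit path is honoured as given (the original
  # code discarded it and always re-ran 'which'); only an empty value is
  # resolved through PATH. 'command -v' is a builtin whose result does not
  # depend on the output format of 'which'.
  if [ -n "$OPENVPN_PATH" ]
  then
    if ! [ -x "$OPENVPN_PATH" ]
    then
      echo "Couldn't find openvpn executable in $OPENVPN_PATH." >&2
      exit 2
    fi
  else
    OPENVPN_PATH=$(command -v openvpn)
    if [ -z "$OPENVPN_PATH" ]
    then
      echo "Couldn't find openvpn in your PATH environment variable." >&2
      exit 3
    fi
  fi
  # Configuration file: the given one must exist; when none is given fall
  # back to the conventional /etc/openvpn/openvpn.conf.
  if [ -n "$OPENVPN_CFG_FILE" ]
  then
    if ! [ -e "$OPENVPN_CFG_FILE" ]
    then
      echo "Couldn't find openvpn configuration file in $OPENVPN_CFG_FILE." >&2
      exit 3
    fi
  elif [ -e "/etc/openvpn/openvpn.conf" ]
  then
    OPENVPN_CFG_FILE="/etc/openvpn/openvpn.conf"
  else
    echo "Couldn't find /etc/openvpn/openvpn.conf. Please select a proper configuration file." >&2
    exit 4
  fi
  # Make sure OpenVPN detaches: look for --daemon in OPENVPN_OPTS and for a
  # bare "daemon" line in the config file. ISDAEMON stays non-empty when
  # either was already there (the main body uses it to print a hint);
  # otherwise --daemon is appended to the options.
  ISDAEMON=
  case "$OPENVPN_OPTS" in
    *--daemon*) ISDAEMON=yes ;;
  esac
  if grep -q -x 'daemon' -- "$OPENVPN_CFG_FILE"
  then
    ISDAEMON=yes
  fi
  if [ -z "$ISDAEMON" ]
  then
    if [ -n "$OPENVPN_OPTS" ]
    then
      OPENVPN_OPTS="$OPENVPN_OPTS --daemon"
    else
      OPENVPN_OPTS='--daemon'
    fi
  fi
}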
# This function reads information about the actual bridged network interface
# from the bridge-start script, in order to reconfigure it if needed.
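# Print the value of the assignment "$1=..." found in file $2, with double
# quotes stripped. Only an assignment starting at column 0 counts, and only
# the first one, so a commented-out or duplicated line cannot produce a
# second (multi-line) value.
_bridge_var ()
{
  grep "^$1=" -- "$2" | head -n 1 | cut -d= -f2- | tr -d '"'
}
getifacedata ()
{
  # Read the physical interface name, address and netmask (the eth=,
  # eth_ip= and eth_netmask= assignments) from the bridge-start script,
  # so the interface can be configured again after the bridge goes away.
  local script="$BRIDGE_SCRIPTS_PATH/$BRIDGE_START_CMD"
  IFACE=$(_bridge_var eth "$script")
  IFACE_IP=$(_bridge_var eth_ip "$script")
  IFACE_NETMASK=$(_bridge_var eth_netmask "$script")
}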
# This function retrieves the openvpn daemon PID
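getpid ()
{
  # Store in OPENVPN_PID the PID of every process whose command (argv[0],
  # column 11 of 'ps aux') is exactly $OPENVPN_PATH, one per line, or leave
  # it empty. An exact string comparison replaces the former regular
  # expression so that '.' and other metacharacters in the path cannot
  # match unrelated processes and a longer path ending in the same string
  # is not mistaken for the daemon.
  OPENVPN_PID=$(ps aux | awk -v cmd="$OPENVPN_PATH" '$11 == cmd { print $2 }')
}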
#This function reconfigures the default gateway only
reconfgateway ()
{
  # Re-install the default route through GATEWAY_IP; bringing the bridge
  # up or down drops it on some setups.
  local gw="$GATEWAY_IP"
  route add default gw "$gw"
}
# This function restores network configuration
reconfnet ()
{
  # Re-apply address and netmask to the physical interface, using the
  # values read back from the bridge-start script.
  getifacedata
  local dev="$IFACE" addr="$IFACE_IP" mask="$IFACE_NETMASK"
  ifconfig "$dev" "$addr" netmask "$mask"
}
# This function starts the daemon
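start ()
{
  # Bring the bridge up, then launch OpenVPN on it. If either step fails
  # the bridge is torn down and the network restored before exiting
  # (5: bridge failed, 9: openvpn failed).
  local bridge_start="$BRIDGE_SCRIPTS_PATH/$BRIDGE_START_CMD"
  local bridge_stop="$BRIDGE_SCRIPTS_PATH/$BRIDGE_STOP_CMD"
  if ! "$bridge_start" >/dev/null
  then
    # The original message had its quotes unbalanced around the path.
    echo "Problem starting bridge. Please review bridge settings in $bridge_start. Exiting" >&2
    "$bridge_stop"
    reconfnet
    reconfgateway
    exit 5
  fi
  sleep 1
  # OPENVPN_OPTS is deliberately unquoted: it holds several space-separated
  # options that must reach openvpn as separate arguments. The former
  # "no options" branch is folded in: with an empty OPENVPN_OPTS the
  # expansion simply vanishes and the config file is still given with
  # --config.
  # shellcheck disable=SC2086
  if ! "$OPENVPN_PATH" $OPENVPN_OPTS --config "$OPENVPN_CFG_FILE"
  then
    echo "Something screwed up..." >&2
    "$bridge_stop"
    reconfnet
    reconfgateway
    exit 9
  fi
  if [ "$NEED_RECONF" = "TRUE" ]
  then
    reconfgateway
  fi
}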
# This function stops the daemon
# Arguments:
# $1 : OpenVPN process PID
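stop ()
{
  # Stop the OpenVPN process(es) listed in $1 and tear the bridge down.
  # SIGTERM goes first so openvpn can run its own shutdown (down scripts,
  # tap interface removal); SIGKILL is sent only if a process is still
  # alive after a few seconds. $1 may hold several whitespace-separated
  # PIDs (one per matching process), hence the unquoted expansions.
  local pid tries
  # shellcheck disable=SC2086
  for pid in $1
  do
    kill -TERM "$pid" 2>/dev/null
  done
  # shellcheck disable=SC2086
  for pid in $1
  do
    tries=0
    while kill -0 "$pid" 2>/dev/null && [ "$tries" -lt 5 ]
    do
      sleep 1
      tries=$((tries + 1))
    done
    if kill -0 "$pid" 2>/dev/null
    then
      kill -KILL "$pid" 2>/dev/null
    fi
  done
  if ! "$BRIDGE_SCRIPTS_PATH/$BRIDGE_STOP_CMD" >/dev/null
  then
    echo "Problem stopping bridge. Please review settings in $BRIDGE_SCRIPTS_PATH/$BRIDGE_STOP_CMD. Exiting" >&2
    exit 6
  fi
  if [ "$NEED_RECONF" = "TRUE" ]
  then
    reconfnet
    reconfgateway
  fi
}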
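# Main body. Everything below loads kernel modules and reconfigures
# interfaces and routes, so it refuses to run without root privileges
# instead of failing half-way with a partially reconfigured network.
if [ "$(id -u)" -ne 0 ]
then
  echo "This script must be run as root." >&2
  exit 1
fi
initial_checks
case "$1" in
  start)
    getpid
    if [ -n "$OPENVPN_PID" ]
    then
      echo "OpenVPN is already running (PID=$OPENVPN_PID)."
      exit 7
    fi
    # Match the tun module name as a whole word at the start of the lsmod
    # line, so other modules with "tun" in their name do not count.
    if ! lsmod | grep -q '^tun '
    then
      modprobe tun
    fi
    printf 'Starting OpenVPN...'
    sleep 1
    start
    echo "Done."
    # ISDAEMON is set by initial_checks only when the daemon option was
    # already present; otherwise --daemon was added for this run and the
    # user is reminded to make it permanent.
    if [ -z "$ISDAEMON" ]
    then
      echo "Please add the \"daemon\" option to your config file ($OPENVPN_CFG_FILE) or to OPENVPN_OPTS."
    fi
    ;;
  stop)
    getpid
    if [ -z "$OPENVPN_PID" ]
    then
      echo "OpenVPN is not running."
      exit 8
    fi
    printf 'Stopping OpenVPN...'
    stop "$OPENVPN_PID"
    # Unload tun only when its "used by" count is 0. The former unquoted
    # test raised a syntax error when tun was already gone; an absent
    # module now simply skips the unload.
    tun_users=$(lsmod | awk '$1 == "tun" { print $3 }')
    if [ "${tun_users:-1}" = "0" ]
    then
      modprobe -r tun
    fi
    modprobe -r bridge
    echo "Done."
    ;;
  *)
    echo "Usage: $(basename "$0") start/stop." >&2
    exit 1
    ;;
esac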